Risk management strategy

Introduction

The aim of the strategy is to provide an effective framework to manage the key risks facing our services in line with:

  • our risk appetite
  • the successful delivery of the outcomes of our Corporate Plan

The Corporate Plan sets out four priorities:

  • high aspirations
  • enabling everyone to enjoy life to the full
  • create thriving environments
  • provide good value council services

The Risk Management Strategy recognises that whilst there have been several years of unprecedented challenges in delivering our services and corporate priorities, we continue to be responsive of risk to meet our needs with further frequent reporting and assurance.

The strategy seeks to encourage well measured ethical risk taking where it is likely to lead to sustainable improvements in service delivery to the people of Lincolnshire. It supports both:

  • the management of threats
  • the taking of opportunities

It is important that we are transparent and have accountability especially as we are a public service, spending public money. The risk strategy focuses on these elements.  

Our strategic management risk

Our Strategic approach to risk management is to make informed decisions and realise opportunities which are vital to successful transformational change.

  • To set the ‘tone from the top’ on the level of risk we are prepared to accept on a different service activities and priorities.
  • Continue to understand our ‘risk appetite’ with senior leaders incorporating the different risk categories.  We acknowledge that how we ‘think about risk’ will be different depending on the context of corporate impact and sensitivity.
  • Acknowledge that even with good risk management and our best endeavours things can go wrong. Where this happens, we use the lessons learnt to try and prevent it from happening again.  This includes issues as well as risks.
  • Develop leadership capacity and skills to have a clear understanding of the risks and issues facing us in delivering our services and how we manage these.  Risk management should be integral to how we run our business and services.
  • Support a culture of well measured risk taking throughout our business, including strategic and operational. This includes financial risk taking and being comfortable taking more risk in this area, but in a balanced and proportionate way. It also includes setting risk ownership and accountabilities and responding to risk in a balanced way, thinking about the level of:
    • risk
    • reward
    • impact
    • cost of control measures
  • Further strengthen how risks are controlled and measured – being more accountable and with measurable indicators.
  • Ensure our approach to risk management is proportionate to the decision being made.
  • Effective and flexible reporting and monitoring with board or executive intelligence on the key risks facing us.
  • Good practice tools and training to support management of risks which is applied consistently throughout the council.
  • Keep abreast of best practice throughout the industry.  This includes the external review of our risk management practices.

Achieving success - implementing our strategic risk

Our risk appetite statement is creative and risk aware.

‘We wish to be creative and open to consider all potential delivery options with well measured risk taking whilst being aware of the impact of our key decisions’.

This means that our risk and assurance systems need to be working well so that we create an environment of ‘no surprises’. Whilst working within this overall context – ‘tone from the top’ – we acknowledge that our risk appetite will vary depending on the nature of the service.  For example, our appetite for risk taking on safeguarding adults and children is more cautious.  Where we undertake operations or initiatives outside the agreed risk appetite this must be reported and monitored through the appropriate executive director.  This helps promote informed decision-making based on risk awareness.

Leadership

Executive and Corporate Leadership Team (CLT):

  • has the ultimate accountability for the risk environment
  • is responsible for approving and reviewing risk policies
  • sets the level of risk we are prepared to accept - our'risk appetite'

Escalation

Audit Committee is responsible for:

  • overseeing the effectiveness of our risk management arrangements
  • challenging risk information
  • escalating issues to CLT or the Executive

Oversight and co-ordination

Risk and safety groups or equivalent groups (Corporate and Directorate) are responsible for the facilitation and co-ordination of our risk management activity.

Ownership

Directorates and services (all employees) are the 'risk takers'. They are responsible for identifying, assessing, measuring, monitoring, and reporting and escalating significant risks associated with their functions or activities which feed into directorate and strategic risks.

Assurance

Elected Members, Management, Corporate functions, third parties and internal audit as part of our combined assurance model give assurance on the management of risks and the operation and performance of controls.

Risk management guidance

Every aspect of our work involves some level of risk.  Policy making, decision making, financial management and day to day delivery of services, all involve risk.  We do not advocate that all risk is removed from our work. Instead we need to be ‘risk aware’ – balancing quality, cost, and risk in our work.  We need to take steps to ensure that the identified risk is kept within acceptable parameters - with ‘no surprises’.

Risk management also ensures that we maintain our public sector ethos and keep an ethical mindset.  ‘How we do it’ is as important as ‘what we do’ when making decisions within risk management.  Our risk management arrangements enable us to manage uncertainty in a systematic way at all levels of our business:

Strategic

Future decisions of the business

Change

Turning strategy into action including programme and change management

Operational

Day-to-day operations including:

  • people
  • customer experience
  • processes
  • information security
  • finance
  • business continuity

A formal risk assessment – producing a risk register that will be monitored and recorded on our risk management software, Sharp Cloud, is required for all services, in particular:

  • strategic risks
  • key projects and programmes including those through the transformation programme and determined by our corporate plan and project management guidance
  • new service strategies that have a greater impact on people, finance, and the council

Risk management and assurance framework

As part of our combined assurance model, elected members, management, third parties and internal audit give assurance on the management of risks and the operation and performance of controls:

  • mandate and commitment
  • framework design for managing risk
  • implement risk management
  • monitoring and review of the framework
  • maintenance and improvement of the framework

Combined assurance

  • management
  • corporate or third party
  • internal audit

Giving assurance on:

  • service delivery
  • management of risks
  • operation of controls and, or performance

Key decisions

All key decisions presented to the Executive must clearly show:

  • the key risks associated with the decision (recommendations)
  • the potential impact
  • the risk owners
  • how these will be managed

This helps promote informed decision-making, particularly in an environment of uncertainty and change.

Risk management support

he Insurance and Risk Management Team helps support management and promotes good practice.

The key roles of this team are:

  • To co-ordinate and maintain our strategic risk register, including identifying any emerging risks and issues.
  • To develop and co-ordinate the implementation of the risk management strategy
  • Provide guidance on risk management including relevant tools on how to identify risks and measurable controls
  • To support members and senior managers to:
    • help identify their and the council's risk appetite
    • identify and manage risks and issues facing us
  • Promote good risk management through training via e-learning, face to face and virtual events and publications
  • Measuring and monitoring the successful implementation of the strategic risk management strategy priorities by demonstrating that we:
    • have a culture which supports well thought through risk taking and innovation, with leadership who support, own and lead on risk management
    • enable members, management and staff to make decisions that are in accordance with our risk appetite
    • learns when things go wrong and have no major surprises that could adversely affect the trust and confidence of the people of Lincolnshire in the services we provide

Our risk management guidance sets our requirements.  It gives people the tools to help them identify and mange risks effectively.  We have developed some simple guidance and tools on our risk management pages within the Insurance and Risk hub on Sharepoint.

There are two courses on Lincs2Learn:

  • Strategic risk management
  • Operational risk management

Contact the risk management team on the following email address for further assistance and guidance:

Riskmanagement@lincolnshire.gov.uk